forked from TrueCloudLab/restic
Update github.com/minio/minio-go
This commit is contained in:
parent
eadf5dcb2d
commit
bf8a155fb1
6 changed files with 68 additions and 62 deletions
2
vendor/manifest
vendored
2
vendor/manifest
vendored
|
@ -46,7 +46,7 @@
|
||||||
{
|
{
|
||||||
"importpath": "github.com/minio/minio-go",
|
"importpath": "github.com/minio/minio-go",
|
||||||
"repository": "https://github.com/minio/minio-go",
|
"repository": "https://github.com/minio/minio-go",
|
||||||
"revision": "f2362d9e7d8daf89594ee0a079be2424eaf360be",
|
"revision": "f6d5df6b625c00c3180ec6c9240ea710620c7070",
|
||||||
"branch": "master"
|
"branch": "master"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -69,7 +69,7 @@ func (c Client) ListBuckets() ([]BucketInfo, error) {
|
||||||
// // Create a done channel.
|
// // Create a done channel.
|
||||||
// doneCh := make(chan struct{})
|
// doneCh := make(chan struct{})
|
||||||
// defer close(doneCh)
|
// defer close(doneCh)
|
||||||
// // Recurively list all objects in 'mytestbucket'
|
// // Recursively list all objects in 'mytestbucket'
|
||||||
// recursive := true
|
// recursive := true
|
||||||
// for message := range api.ListObjectsV2("mytestbucket", "starthere", recursive, doneCh) {
|
// for message := range api.ListObjectsV2("mytestbucket", "starthere", recursive, doneCh) {
|
||||||
// fmt.Println(message)
|
// fmt.Println(message)
|
||||||
|
|
|
@ -17,7 +17,6 @@
|
||||||
package minio
|
package minio
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"crypto/md5"
|
"crypto/md5"
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"hash"
|
"hash"
|
||||||
|
@ -214,34 +213,25 @@ func (c Client) putObjectSingle(bucketName, objectName string, reader io.Reader,
|
||||||
hashAlgos["sha256"] = sha256.New()
|
hashAlgos["sha256"] = sha256.New()
|
||||||
}
|
}
|
||||||
|
|
||||||
if size <= minPartSize {
|
|
||||||
// Initialize a new temporary buffer.
|
|
||||||
tmpBuffer := new(bytes.Buffer)
|
|
||||||
size, err = hashCopyN(hashAlgos, hashSums, tmpBuffer, reader, size)
|
|
||||||
reader = bytes.NewReader(tmpBuffer.Bytes())
|
|
||||||
tmpBuffer.Reset()
|
|
||||||
} else {
|
|
||||||
// Initialize a new temporary file.
|
// Initialize a new temporary file.
|
||||||
var tmpFile *tempFile
|
tmpFile, err := newTempFile("single$-putobject-single")
|
||||||
tmpFile, err = newTempFile("single$-putobject-single")
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
defer tmpFile.Close()
|
defer tmpFile.Close()
|
||||||
|
|
||||||
size, err = hashCopyN(hashAlgos, hashSums, tmpFile, reader, size)
|
size, err = hashCopyN(hashAlgos, hashSums, tmpFile, reader, size)
|
||||||
if err != nil {
|
// Return error if its not io.EOF.
|
||||||
|
if err != nil && err != io.EOF {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Seek back to beginning of the temporary file.
|
// Seek back to beginning of the temporary file.
|
||||||
if _, err = tmpFile.Seek(0, 0); err != nil {
|
if _, err = tmpFile.Seek(0, 0); err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
reader = tmpFile
|
reader = tmpFile
|
||||||
}
|
|
||||||
// Return error if its not io.EOF.
|
|
||||||
if err != nil && err != io.EOF {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
// Execute put object.
|
// Execute put object.
|
||||||
st, err := c.putObjectDo(bucketName, objectName, reader, hashSums["md5"], hashSums["sha256"], size, metaData)
|
st, err := c.putObjectDo(bucketName, objectName, reader, hashSums["md5"], hashSums["sha256"], size, metaData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
40
vendor/src/github.com/minio/minio-go/api.go
vendored
40
vendor/src/github.com/minio/minio-go/api.go
vendored
|
@ -30,7 +30,6 @@ import (
|
||||||
"net/http/httputil"
|
"net/http/httputil"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"regexp"
|
|
||||||
"runtime"
|
"runtime"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
@ -309,40 +308,6 @@ type requestMetadata struct {
|
||||||
contentMD5Bytes []byte
|
contentMD5Bytes []byte
|
||||||
}
|
}
|
||||||
|
|
||||||
// regCred matches credential string in HTTP header
|
|
||||||
var regCred = regexp.MustCompile("Credential=([A-Z0-9]+)/")
|
|
||||||
|
|
||||||
// regCred matches signature string in HTTP header
|
|
||||||
var regSign = regexp.MustCompile("Signature=([[0-9a-f]+)")
|
|
||||||
|
|
||||||
// Filter out signature value from Authorization header.
|
|
||||||
func (c Client) filterSignature(req *http.Request) {
|
|
||||||
origAuth := req.Header.Get("Authorization")
|
|
||||||
if origAuth != "" {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if !strings.HasPrefix(origAuth, signV4Algorithm) {
|
|
||||||
// Set a temporary redacted auth
|
|
||||||
req.Header.Set("Authorization", "AWS **REDACTED**:**REDACTED**")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Signature V4 authorization header.
|
|
||||||
|
|
||||||
// Strip out accessKeyID from:
|
|
||||||
// Credential=<access-key-id>/<date>/<aws-region>/<aws-service>/aws4_request
|
|
||||||
newAuth := regCred.ReplaceAllString(origAuth, "Credential=**REDACTED**/")
|
|
||||||
|
|
||||||
// Strip out 256-bit signature from: Signature=<256-bit signature>
|
|
||||||
newAuth = regSign.ReplaceAllString(newAuth, "Signature=**REDACTED**")
|
|
||||||
|
|
||||||
// Set a temporary redacted auth
|
|
||||||
req.Header.Set("Authorization", newAuth)
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// dumpHTTP - dump HTTP request and response.
|
// dumpHTTP - dump HTTP request and response.
|
||||||
func (c Client) dumpHTTP(req *http.Request, resp *http.Response) error {
|
func (c Client) dumpHTTP(req *http.Request, resp *http.Response) error {
|
||||||
// Starts http dump.
|
// Starts http dump.
|
||||||
|
@ -352,7 +317,10 @@ func (c Client) dumpHTTP(req *http.Request, resp *http.Response) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Filter out Signature field from Authorization header.
|
// Filter out Signature field from Authorization header.
|
||||||
c.filterSignature(req)
|
origAuth := req.Header.Get("Authorization")
|
||||||
|
if origAuth != "" {
|
||||||
|
req.Header.Set("Authorization", redactSignature(origAuth))
|
||||||
|
}
|
||||||
|
|
||||||
// Only display request header.
|
// Only display request header.
|
||||||
reqTrace, err := httputil.DumpRequestOut(req, false)
|
reqTrace, err := httputil.DumpRequestOut(req, false)
|
||||||
|
|
23
vendor/src/github.com/minio/minio-go/utils.go
vendored
23
vendor/src/github.com/minio/minio-go/utils.go
vendored
|
@ -227,3 +227,26 @@ func filterHeader(header http.Header, filterKeys []string) (filteredHeader http.
|
||||||
}
|
}
|
||||||
return filteredHeader
|
return filteredHeader
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// regCred matches credential string in HTTP header
|
||||||
|
var regCred = regexp.MustCompile("Credential=([A-Z0-9]+)/")
|
||||||
|
|
||||||
|
// regCred matches signature string in HTTP header
|
||||||
|
var regSign = regexp.MustCompile("Signature=([[0-9a-f]+)")
|
||||||
|
|
||||||
|
// Redact out signature value from authorization string.
|
||||||
|
func redactSignature(origAuth string) string {
|
||||||
|
if !strings.HasPrefix(origAuth, signV4Algorithm) {
|
||||||
|
// Set a temporary redacted auth
|
||||||
|
return "AWS **REDACTED**:**REDACTED**"
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Signature V4 authorization header.
|
||||||
|
|
||||||
|
// Strip out accessKeyID from:
|
||||||
|
// Credential=<access-key-id>/<date>/<aws-region>/<aws-service>/aws4_request
|
||||||
|
newAuth := regCred.ReplaceAllString(origAuth, "Credential=**REDACTED**/")
|
||||||
|
|
||||||
|
// Strip out 256-bit signature from: Signature=<256-bit signature>
|
||||||
|
return regSign.ReplaceAllString(newAuth, "Signature=**REDACTED**")
|
||||||
|
}
|
||||||
|
|
|
@ -23,6 +23,31 @@ import (
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Tests signature redacting function used
|
||||||
|
// in filtering on-wire Authorization header.
|
||||||
|
func TestRedactSignature(t *testing.T) {
|
||||||
|
testCases := []struct {
|
||||||
|
authValue string
|
||||||
|
expectedRedactedAuthValue string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
authValue: "AWS 1231313:888x000231==",
|
||||||
|
expectedRedactedAuthValue: "AWS **REDACTED**:**REDACTED**",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
authValue: "AWS4-HMAC-SHA256 Credential=12312313/20170613/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=02131231312313213",
|
||||||
|
expectedRedactedAuthValue: "AWS4-HMAC-SHA256 Credential=**REDACTED**/20170613/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, testCase := range testCases {
|
||||||
|
redactedAuthValue := redactSignature(testCase.authValue)
|
||||||
|
if redactedAuthValue != testCase.expectedRedactedAuthValue {
|
||||||
|
t.Errorf("Test %d: Expected %s, got %s", i+1, testCase.expectedRedactedAuthValue, redactedAuthValue)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Tests filter header function by filtering out
|
// Tests filter header function by filtering out
|
||||||
// some custom header keys.
|
// some custom header keys.
|
||||||
func TestFilterHeader(t *testing.T) {
|
func TestFilterHeader(t *testing.T) {
|
||||||
|
|
Loading…
Reference in a new issue